User
Represents a recognized actor identity within a system, enabling secure access, personalized experiences, and activity tracking across different contexts and applications. A User entity separates the concept of system identity (authentication, authorization, preferences) from personal identity (Person entity). Users can represent individuals accessing business applications, administrative systems, customer portals, or API clients. The entity supports multiple authentication methods (via PasswordCredential and TwoFactorConfig), fine-grained permission-based authorization (via UserPermission), account lifecycle management, security policies, and preference management. Permissions are assigned directly to users through the UserPermission junction entity, enabling attribute-based access control (ABAC) with contextual constraints and temporal validity. The entity serves as the foundation for identity and access management across healthcare, enterprise, e-commerce, government, and SaaS platforms while maintaining separation from the underlying Person or Organization that the user represents.
Properties
| Property | Type | Mode | Description | Required |
|---|---|---|---|---|
| username | string | stored | Unique username for authentication; immutable identifier used for login | Required |
| status | string | stored | Current status of the user account. Values: active (can log in and use the system), inactive (temporarily disabled), suspended (administratively blocked), locked (security lockout), pending-verification (awaiting email/phone verification) | Required |
| lockedUntil | datetime | stored | Date/time until which the account is locked (for temporary locks) | Optional |
| person | Person | stored | Reference to the Person entity - use Person.telecoms for email/phone, Person.givenName/familyName for display name | Optional |
| preferences | json | stored | User interface preferences (theme, language, timezone, notifications, etc.) | Optional |
| metadata | json | stored | Additional custom metadata for application-specific user data (e.g., onboarding progress, feature flags, user settings) | Optional |
| isActive | boolean | calculated | Whether the user account is currently active and can login | Optional |
| isLocked | boolean | calculated | Whether the user account is currently locked | Optional |
| hasPasswordCredential | boolean | calculated | Whether the user has a password credential configured (some users may only use SSO or other auth methods) | Optional |
| hasTwoFactor | boolean | calculated | Whether the user has at least one active two-factor authentication method configured | Optional |
| activePermissionsCount | number | calculated | Number of active permissions currently granted to this user (via UserPermission) | Optional |
| tenantsCount | number | calculated | Number of tenants this user is a member of (via TenantUser) | Optional |
| primaryTenant | Tenant | calculated | The user's primary/default tenant workspace (from TenantUser where isPrimary = true) | Optional |
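The calculated isActive and isLocked properties above depend on status and lockedUntil together. The following Python is an added example, not part of the schema page or its project: it evaluates both flags from a stored record, treating a "locked" record whose lockedUntil has passed as no longer locked (an assumption about the temporary-lock semantics); the function names are assumptions as well.

```python
"""Evaluate a User record's calculated isActive / isLocked flags.

Added example, not part of the schema page or its project. Uses the status
values and lockedUntil semantics from the Properties table; function names
are assumptions. Unknown statuses fail closed (not active).
"""
from datetime import datetime, timezone
from typing import Optional


def _parse_utc(value: str) -> datetime:
    """Parse an ISO-8601 timestamp such as '2024-11-23T10:00:00Z'."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def is_locked(user: dict, now: datetime) -> bool:
    """isLocked: status is 'locked' and the lock has not expired.

    lockedUntil is only present for temporary locks (per the table); a
    'locked' record without it stays locked until an administrator acts.
    """
    if user.get("status") != "locked":
        return False
    until = user.get("lockedUntil")
    return True if until is None else _parse_utc(until) > now


def is_active(user: dict, now: datetime) -> bool:
    """isActive: only 'active' accounts can log in.

    A 'locked' record whose lockedUntil has passed is no longer isLocked,
    but it is not isActive either until its status is transitioned back.
    """
    return user.get("status") == "active" and not is_locked(user, now)


def evaluate_user(user: dict, now: Optional[datetime] = None) -> dict:
    """Return the calculated properties for one stored User record."""
    now = now or datetime.now(timezone.utc)
    return {"isActive": is_active(user, now), "isLocked": is_locked(user, now)}


# Record from Example 4 on this page (fields other than status/lockedUntil omitted).
ALICE = {"username": "alice.brown", "status": "locked",
         "lockedUntil": "2024-11-23T10:00:00Z"}

if __name__ == "__main__":
    before = datetime(2024, 11, 23, 9, 0, tzinfo=timezone.utc)
    after = datetime(2024, 11, 23, 11, 0, tzinfo=timezone.utc)
    print(evaluate_user(ALICE, before))  # {'isActive': False, 'isLocked': True}
    print(evaluate_user(ALICE, after))   # {'isActive': False, 'isLocked': False}
```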
Examples
Example 1
{
  "@type": "User",
  "username": "john.doe",
  "person": {
    "@type": "Person",
    "givenName": "John",
    "familyName": "Doe",
    "telecoms": [
      {
        "@type": "ContactPoint",
        "system": "email",
        "value": "john.doe@example.com",
        "use": "work"
      },
      {
        "@type": "ContactPoint",
        "system": "phone",
        "value": "+1-555-0100",
        "use": "mobile"
      }
    ]
  },
  "status": "active",
  "preferences": {
    "theme": "dark",
    "locale": "en-US",
    "timezone": "America/New_York"
  }
}
Example 2
{
  "@type": "User",
  "username": "jane.smith",
  "person": {
    "@type": "Person",
    "givenName": "Jane",
    "familyName": "Smith",
    "telecoms": [
      {
        "@type": "ContactPoint",
        "system": "email",
        "value": "jane.smith@example.com",
        "use": "work"
      }
    ]
  },
  "status": "active",
  "preferences": {
    "locale": "fr-FR",
    "timezone": "Europe/Paris",
    "notifications": {
      "email": true,
      "push": false
    }
  }
}
Example 3
{
  "@type": "User",
  "username": "bob.wilson",
  "person": {
    "@type": "Person",
    "givenName": "Bob",
    "familyName": "Wilson",
    "telecoms": [
      {
        "@type": "ContactPoint",
        "system": "email",
        "value": "bob.wilson@example.com",
        "use": "work"
      }
    ]
  },
  "status": "pending-verification",
  "preferences": {
    "locale": "en-US",
    "timezone": "America/Los_Angeles"
  }
}
Example 4
{
  "@type": "User",
  "username": "alice.brown",
  "person": {
    "@type": "Person",
    "givenName": "Alice",
    "familyName": "Brown",
    "telecoms": [
      {
        "@type": "ContactPoint",
        "system": "email",
        "value": "alice.brown@example.com",
        "use": "work"
      }
    ]
  },
  "status": "locked",
  "lockedUntil": "2024-11-23T10:00:00Z",
  "preferences": {
    "locale": "ja-JP",
    "timezone": "Asia/Tokyo"
  },
  "metadata": {
    "lockReason": "Multiple failed login attempts",
    "lastFailedLoginAttempt": "2024-11-22T23:58:00Z"
  }
}
Example 5
{
  "@type": "User",
  "username": "api.client.1",
  "status": "active",
  "metadata": {
    "clientType": "service-account",
    "apiKeyId": "key_abc123"
  }
}